package com.ibm.ws.security.acme.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.acme.AcmeCaException;
import com.ibm.ws.security.acme.AcmeCertificate;
import com.ibm.ws.security.acme.internal.exceptions.IllegalRevocationReasonException;
import com.ibm.ws.security.acme.internal.util.AcmeConstants;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.nio.file.Files;
import java.security.AccessController;
import java.security.KeyPair;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.naming.ldap.Rdn;
import org.shredzone.acme4j.Account;
import org.shredzone.acme4j.AccountBuilder;
import org.shredzone.acme4j.Authorization;
import org.shredzone.acme4j.Certificate;
import org.shredzone.acme4j.Login;
import org.shredzone.acme4j.Order;
import org.shredzone.acme4j.OrderBuilder;
import org.shredzone.acme4j.RevocationReason;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.Status;
import org.shredzone.acme4j.challenge.Challenge;
import org.shredzone.acme4j.challenge.Http01Challenge;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.exception.AcmeProtocolException;
import org.shredzone.acme4j.exception.AcmeRetryAfterException;
import org.shredzone.acme4j.exception.AcmeServerException;
import org.shredzone.acme4j.exception.AcmeUserActionRequiredException;
import org.shredzone.acme4j.util.CSRBuilder;
import org.shredzone.acme4j.util.KeyPairUtils;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/acme/internal/AcmeClient.class */
public class AcmeClient {
    // Configuration for the ACME CA; its getters are read throughout this class
    // (directory URI, domains, key file paths, poll timeouts).
    private final AcmeConfig acmeConfig;
    // HTTP-01 challenge token -> key authorization. Entries are added in
    // prepareHttpChallenge, removed in authorize, and read by the public
    // getHttp01Authorization.
    // NOTE(review): this is a plain HashMap and no synchronization is visible in
    // this class; if lookups and challenge processing can run on different
    // threads, confirm access is serialized elsewhere — TODO confirm.
    private final Map<String, String> httpTokenToAuthzMap = new HashMap();
    // Poll interval in milliseconds. The poll loops in this listing pass the
    // literal 500L to sleep(); presumably this constant inlined by the compiler.
    private final long POLL_SLEEP = 500;
    static final long serialVersionUID = -7336843268505669930L;
    // Trace/message component used for all logging in this class.
    private static final TraceComponent tc = Tr.register(AcmeClient.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    // Guards reads and writes of the account key pair file; static, so it is
    // shared by every AcmeClient instance.
    private static final ReadWriteLock accountKeyPairFileRWLock = new ReentrantReadWriteLock();

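    /**
     * Read-only wrapper around an acme4j {@link Account} that exposes a few of
     * its properties without handing out the underlying account object.
     *
     * <p>Instances are created only by the enclosing client (the constructor is
     * private). The wrapper does not null-check the account it is given, so
     * every accessor dereferences it directly.
     */
    @Trivial
    public class AcmeAccount {
        private final Account account;

        private AcmeAccount(Account account) {
            this.account = account;
        }

        /**
         * @return the contact URIs reported by the wrapped account.
         */
        public List<URI> getContacts() {
            return this.account.getContacts();
        }

        /**
         * @return the account location URL reported by the wrapped account.
         */
        public URL getLocation() {
            return this.account.getLocation();
        }

        /**
         * Returns the account's orders, each rendered as its JSON string.
         *
         * @return one JSON string per order; an empty list when the account
         *         returns no iterator or when an {@link AcmeProtocolException}
         *         is raised while listing (orders collected so far are
         *         discarded in that case).
         */
        @FFDCIgnore({AcmeProtocolException.class})
        public List<String> getOrders() {
            // Typed list instead of the raw ArrayList in the decompiled output.
            List<String> ordersAsJson = new ArrayList<>();
            try {
                Iterator<Order> orders = this.account.getOrders();
                if (orders == null) {
                    return Collections.emptyList();
                }
                while (orders.hasNext()) {
                    ordersAsJson.add(orders.next().getJSON().toString());
                }
            } catch (AcmeProtocolException e) {
                // Deliberately best-effort: a protocol failure while listing
                // orders is reported as "no orders" rather than propagated.
                return Collections.emptyList();
            }
            return ordersAsJson;
        }

        /**
         * @return the string form of the wrapped account's status.
         */
        public String getStatus() {
            return this.account.getStatus().toString();
        }

        /**
         * @return whatever the wrapped account reports for terms-of-service
         *         agreement.
         */
        public Boolean getTermsOfServiceAgreed() {
            return this.account.getTermsOfServiceAgreed();
        }

        /**
         * @return the default object string followed by the account location
         *         in braces.
         */
        @Override
        public String toString() {
            return super.toString() + "{" + this.account.getLocation() + "}";
        }
    }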

    /**
     * Creates a client bound to the given ACME configuration.
     *
     * <p>The configuration is stored as-is; no validation or network access
     * happens here.
     *
     * @param acmeConfig the configuration this client reads its settings from.
     * @throws AcmeCaException declared for callers; not thrown by this body.
     */
    public AcmeClient(AcmeConfig acmeConfig) throws AcmeCaException {
        this.acmeConfig = acmeConfig;
    }

    /**
     * Drives a single authorization to completion through its HTTP-01
     * challenge: registers the challenge token, triggers the challenge, then
     * polls its status until it is VALID or INVALID or the configured
     * challenge poll timeout elapses.
     *
     * <p>The token-to-authorization mapping added by prepareHttpChallenge is
     * removed again in the finally block on every exit path, so the challenge
     * response is only answerable while this method is running.
     *
     * <p>NOTE(review): this is decompiler output; the uninitialized
     * {@code boolean z} below is an artefact and the listing is not valid Java
     * as shown.
     *
     * @param authorization the authorization to satisfy; returned from
     *        immediately when it is already VALID.
     * @throws AcmeCaException when triggering or updating the challenge fails,
     *         when the challenge ends INVALID (CWPKI2001E), or when it is not
     *         VALID once polling stops (CWPKI2002E).
     */
    @FFDCIgnore({AcmeException.class, AcmeRetryAfterException.class})
    private void authorize(Authorization authorization) throws AcmeCaException {
        boolean z;
        if (authorization.getStatus() == Status.VALID) {
            return;
        }
        // Registers the HTTP-01 token in httpTokenToAuthzMap before the CA is
        // asked to validate it.
        Challenge prepareHttpChallenge = prepareHttpChallenge(authorization);
        try {
            if (prepareHttpChallenge.getStatus() == Status.VALID) {
                // Decompiler artefact: z is never assigned and both branches
                // return, so the effect is an early return (finally still runs).
                if (z) {
                    return;
                } else {
                    return;
                }
            }
            try {
                prepareHttpChallenge.trigger();
                // NOTE(review): unboxed without a null check; assumes the
                // configuration always supplies a value — TODO confirm.
                Long challengePollTimeoutMs = this.acmeConfig.getChallengePollTimeoutMs();
                // Absolute deadline in epoch millis; 0 means "no deadline"
                // (used when the configured timeout is <= 0).
                long currentTimeMillis = challengePollTimeoutMs.longValue() <= 0 ? 0L : System.currentTimeMillis() + challengePollTimeoutMs.longValue();
                // z2 is true only right after the server sent a Retry-After;
                // in that state the deadline check and the fixed sleep are skipped
                // for one iteration.
                boolean z2 = false;
                while (true) {
                    if (!z2 && currentTimeMillis != 0 && currentTimeMillis < System.currentTimeMillis()) {
                        break;
                    }
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Challenge status poll loop: " + prepareHttpChallenge.getStatus() + ", " + z2 + ", " + currentTimeMillis + ", " + System.currentTimeMillis(), new Object[0]);
                    }
                    // Terminal states end the poll loop.
                    if (prepareHttpChallenge.getStatus() == Status.INVALID || prepareHttpChallenge.getStatus() == Status.VALID) {
                        break;
                    }
                    if (!z2) {
                        // Fixed 500 ms pause between polls, capped at the deadline.
                        sleep(500L, currentTimeMillis);
                    }
                    try {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Challenge status poll loop: updating challenge status.", new Object[0]);
                        }
                        z2 = false;
                        prepareHttpChallenge.update();
                    } catch (AcmeRetryAfterException e) {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Challenge status poll loop: server requested us to retry again later at " + e.getRetryAfter(), new Object[0]);
                        }
                        long currentTimeMillis2 = System.currentTimeMillis();
                        // Give up if the deadline has already passed; otherwise
                        // wait for the server-requested instant, capped at the
                        // deadline by sleep().
                        if (currentTimeMillis != 0 && currentTimeMillis2 >= currentTimeMillis) {
                            break;
                        }
                        z2 = true;
                        sleep(e.getRetryAfter().toEpochMilli() - currentTimeMillis2, currentTimeMillis);
                    } catch (AcmeException e2) {
                        throw handleAcmeException(e2, Tr.formatMessage(tc, "CWPKI2010E", new Object[]{this.acmeConfig.getDirectoryURI(), getRootCauseMessage(e2)}));
                    }
                }
                // Challenge rejected by the CA.
                if (prepareHttpChallenge.getStatus() == Status.INVALID) {
                    throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2001E", new Object[]{this.acmeConfig.getDirectoryURI(), authorization.getIdentifier().getDomain(), prepareHttpChallenge.getStatus().toString(), prepareHttpChallenge.getError().toString()}));
                }
                // Polling stopped without reaching VALID (timeout path).
                if (prepareHttpChallenge.getStatus() != Status.VALID) {
                    throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2002E", new Object[]{this.acmeConfig.getDirectoryURI(), authorization.getIdentifier().getDomain(), prepareHttpChallenge.getStatus().toString(), challengePollTimeoutMs + "ms"}));
                }
                if (prepareHttpChallenge instanceof Http01Challenge) {
                    this.httpTokenToAuthzMap.remove(((Http01Challenge) prepareHttpChallenge).getToken());
                }
            } catch (AcmeException e3) {
                throw handleAcmeException(e3, Tr.formatMessage(tc, "CWPKI2009E", new Object[]{this.acmeConfig.getDirectoryURI(), e3.getMessage()}));
            }
        } finally {
            // Always withdraw the challenge response, on success and on every
            // failure path, so stale tokens are not left answerable.
            if (prepareHttpChallenge instanceof Http01Challenge) {
                this.httpTokenToAuthzMap.remove(((Http01Challenge) prepareHttpChallenge).getToken());
            }
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:21:0x0112. Please report as an issue. */
    /**
     * Obtains a certificate from the configured ACME CA: finds or registers
     * the account, loads or creates the domain key pair, places an order for
     * the configured domains, authorizes each authorization, submits a signed
     * CSR, and polls the order until it is VALID or INVALID or the order poll
     * timeout elapses.
     *
     * <p>NOTE(review): this is decompiler output that JADX flagged as
     * incomplete. The {@code boolean z2 = -1} / {@code switch (z2)} pair and
     * the order poll loop without a visible exit are artefacts; the listing is
     * not valid Java as shown and should be checked against the original
     * source before relying on its exact control flow.
     *
     * @param z when true, only the account and domain key pair steps run and
     *        {@code null} is returned without placing an order.
     * @return the domain key pair, the issued certificate and its chain, or
     *         {@code null} when {@code z} is true.
     * @throws AcmeCaException on any ACME or I/O failure, when the order ends
     *         INVALID (CWPKI2001E), or when it is not VALID once polling stops
     *         (CWPKI2004E).
     */
    @FFDCIgnore({IOException.class, AcmeException.class, AcmeRetryAfterException.class})
    public AcmeCertificate fetchCertificate(boolean z) throws AcmeCaException {
        // Start time, used only for the elapsed-seconds value in the audit message.
        long currentTimeMillis = System.currentTimeMillis();
        // getAccountKeyPair(false) loads the stored account key or creates one.
        Account findOrRegisterAccount = findOrRegisterAccount(getNewSession(), getAccountKeyPair(false), z);
        KeyPair domainKeyPair = getDomainKeyPair();
        if (z) {
            return null;
        }
        OrderBuilder newOrder = findOrRegisterAccount.newOrder();
        newOrder.domains(this.acmeConfig.getDomains());
        // Optional requested expiry: only set when a positive validity is configured.
        if (this.acmeConfig.getValidForMs() != null && this.acmeConfig.getValidForMs().longValue() > 0) {
            newOrder.notAfter(Instant.now().plusMillis(this.acmeConfig.getValidForMs().longValue()));
        }
        try {
            Order create = newOrder.create();
            // Every authorization on the order must be satisfied before the CSR
            // is submitted; authorize() throws on the first failure.
            Iterator<Authorization> it = create.getAuthorizations().iterator();
            while (it.hasNext()) {
                authorize(it.next());
            }
            CSRBuilder cSRBuilder = new CSRBuilder();
            cSRBuilder.addDomains(this.acmeConfig.getDomains());
            // Copies selected subject RDNs (o, ou, c, st, l) from the configured
            // subject DN into the CSR; other RDN types are ignored.
            for (Rdn rdn : this.acmeConfig.getSubjectDN()) {
                String lowerCase = rdn.getType().toLowerCase();
                // Decompiler artefact: presumably a compiled switch over the
                // lower-cased RDN type string, with z2 as the case index
                // (0=o, 1=ou, 2=c, 3=st, 4=l) — TODO confirm against source.
                boolean z2 = -1;
                switch (lowerCase.hashCode()) {
                    case 99:
                        if (lowerCase.equals("c")) {
                            z2 = 2;
                            break;
                        }
                        break;
                    case 108:
                        if (lowerCase.equals("l")) {
                            z2 = 4;
                            break;
                        }
                        break;
                    case 111:
                        if (lowerCase.equals("o")) {
                            z2 = false;
                            break;
                        }
                        break;
                    case 3558:
                        if (lowerCase.equals("ou")) {
                            z2 = true;
                            break;
                        }
                        break;
                    case 3681:
                        if (lowerCase.equals("st")) {
                            z2 = 3;
                            break;
                        }
                        break;
                }
                // The repeated "case true" labels are the decompiler's rendering
                // of indices 1..4; they appear in the order ou, c, st, l.
                switch (z2) {
                    case false:
                        cSRBuilder.setOrganization((String) rdn.getValue());
                        break;
                    case true:
                        cSRBuilder.setOrganizationalUnit((String) rdn.getValue());
                        break;
                    case true:
                        cSRBuilder.setCountry((String) rdn.getValue());
                        break;
                    case true:
                        cSRBuilder.setState((String) rdn.getValue());
                        break;
                    case true:
                        cSRBuilder.setLocality((String) rdn.getValue());
                        break;
                }
            }
            try {
                // The CSR is signed with the domain private key.
                cSRBuilder.sign(domainKeyPair);
                // Unlike the poll-loop traces, this call is not wrapped in an
                // isDebugEnabled() guard in this listing.
                Tr.debug(tc, "Certificate Signing Request: " + cSRBuilder.toString(), new Object[0]);
                try {
                    create.execute(cSRBuilder.getEncoded());
                    // NOTE(review): unboxed without a null check; assumes the
                    // configuration always supplies a value — TODO confirm.
                    Long orderPollTimeoutMs = this.acmeConfig.getOrderPollTimeoutMs();
                    // Absolute deadline in epoch millis; 0 means "no deadline".
                    long currentTimeMillis2 = orderPollTimeoutMs.longValue() <= 0 ? 0L : System.currentTimeMillis() + orderPollTimeoutMs.longValue();
                    // z3 is true only right after a Retry-After from the server.
                    boolean z3 = false;
                    // NOTE(review): no break/return is visible in this loop; JADX
                    // reported it could not reconstruct the exit. Presumably it
                    // mirrors the challenge poll loop in authorize() — TODO confirm.
                    while (true) {
                        if (z3 || currentTimeMillis2 == 0 || currentTimeMillis2 >= System.currentTimeMillis()) {
                            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                Tr.debug(tc, "Order status poll loop: " + create.getStatus() + ", " + z3 + ", " + currentTimeMillis2 + ", " + System.currentTimeMillis(), new Object[0]);
                            }
                            if (create.getStatus() != Status.INVALID && create.getStatus() != Status.VALID) {
                                if (!z3) {
                                    // Fixed 500 ms pause between polls, capped at the deadline.
                                    sleep(500L, currentTimeMillis2);
                                }
                                try {
                                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Order status poll loop: updating challenge status.", new Object[0]);
                                    }
                                    z3 = false;
                                    create.update();
                                } catch (AcmeRetryAfterException e) {
                                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Order status poll loop: server requested us to retry again later at " + e.getRetryAfter(), new Object[0]);
                                    }
                                    long currentTimeMillis3 = System.currentTimeMillis();
                                    // Honour Retry-After only while the deadline
                                    // has not passed; the wait is capped by sleep().
                                    if (currentTimeMillis2 == 0 || currentTimeMillis3 < currentTimeMillis2) {
                                        z3 = true;
                                        sleep(e.getRetryAfter().toEpochMilli() - currentTimeMillis3, currentTimeMillis2);
                                    }
                                } catch (AcmeException e2) {
                                    throw handleAcmeException(e2, Tr.formatMessage(tc, "CWPKI2015E", new Object[]{this.acmeConfig.getDirectoryURI(), e2.getMessage()}));
                                }
                            }
                        }
                    }
                    // Order rejected by the CA.
                    if (create.getStatus() == Status.INVALID) {
                        throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2001E", new Object[]{this.acmeConfig.getDirectoryURI(), this.acmeConfig.getDomains(), create.getStatus().toString(), create.getError().toString()}));
                    }
                    // Polling stopped without reaching VALID (timeout path).
                    if (create.getStatus() != Status.VALID) {
                        throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2004E", new Object[]{this.acmeConfig.getDirectoryURI(), this.acmeConfig.getDomains(), create.getStatus().toString(), orderPollTimeoutMs + "ms"}));
                    }
                    Certificate certificate = create.getCertificate();
                    X509Certificate certificate2 = certificate.getCertificate();
                    // Warn (do not fail) when the issued certificate is not yet
                    // valid according to the local clock.
                    if (certificate2.getNotBefore().after(Calendar.getInstance().getTime())) {
                        Tr.warning(tc, "CWPKI2045W", new Object[]{certificate2.getSerialNumber().toString(16), this.acmeConfig.getDirectoryURI(), certificate2.getNotBefore().toInstant().toString()});
                    }
                    checkRenewTimeAgainstCertValidityPeriod(certificate.getCertificate().getNotBefore(), certificate.getCertificate().getNotAfter(), certificate.getCertificate().getSerialNumber().toString(16));
                    // Audit record: serial number (hex), directory URI, elapsed seconds.
                    if (TraceComponent.isAnyTracingEnabled() && tc.isAuditEnabled()) {
                        Tr.audit(tc, Tr.formatMessage(tc, "CWPKI2064I", new Object[]{certificate2.getSerialNumber().toString(16), this.acmeConfig.getDirectoryURI(), Double.valueOf((System.currentTimeMillis() - currentTimeMillis) / 1000.0d)}), new Object[0]);
                    }
                    // The result carries the domain private key together with the
                    // leaf certificate and its chain.
                    return new AcmeCertificate(domainKeyPair, certificate2, certificate.getCertificateChain());
                } catch (IOException e3) {
                    throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2014E", new Object[]{this.acmeConfig.getDirectoryURI(), e3.getMessage()}), e3);
                } catch (AcmeException e4) {
                    throw handleAcmeException(e4, Tr.formatMessage(tc, "CWPKI2013E", new Object[]{this.acmeConfig.getDirectoryURI(), e4.getMessage()}));
                }
            } catch (IOException e5) {
                throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2012E", new Object[]{this.acmeConfig.getDirectoryURI(), e5.getMessage()}), e5);
            }
        } catch (AcmeException e6) {
            throw handleAcmeException(e6, Tr.formatMessage(tc, "CWPKI2011E", new Object[]{this.acmeConfig.getDirectoryURI(), e6.getMessage()}));
        }
    }

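    /**
     * Looks up the existing ACME account for the stored account key pair and
     * returns a read-only view of it.
     *
     * <p>The account lookup can yield {@code null} (getExistingAccount returns
     * {@code null} on an {@link AcmeServerException}). Wrapping that would
     * produce an {@link AcmeAccount} whose every accessor, including
     * {@code toString()}, fails with a NullPointerException, so the missing
     * account is reported here with the same message that revoke and
     * renewAccountKeyPair use for this condition.
     *
     * @return a wrapper around the existing account; never wraps {@code null}.
     * @throws AcmeCaException when no account key pair is stored, the lookup
     *         fails, or no existing account is found (CWPKI2026W).
     */
    public AcmeAccount getAccount() throws AcmeCaException {
        Account existing = getAccount(null);
        if (existing == null) {
            throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2026W", new Object[]{this.acmeConfig.getDirectoryURI()}));
        }
        return new AcmeAccount(existing);
    }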

    /**
     * Resolves the existing ACME account for the stored account key pair.
     *
     * <p>The key pair is loaded first; a session is only created when the
     * caller did not supply one.
     *
     * @param session the session to use, or {@code null} to open a new one
     *        against the configured directory URI.
     * @return the existing account, or {@code null} when getExistingAccount
     *         reports none.
     * @throws AcmeCaException when no account key pair is stored (CWPKI2025W)
     *         or when loading the key, opening the session or the lookup fails.
     */
    private Account getAccount(Session session) throws AcmeCaException {
        final KeyPair accountKey = loadAccountKeyPair();
        if (accountKey == null) {
            throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2025W", new Object[]{this.acmeConfig.getDirectoryURI()}));
        }
        final Session effectiveSession = (session != null) ? session : getNewSession();
        return getExistingAccount(effectiveSession, accountKey);
    }

    /**
     * Asks the CA for the account that already exists for the given key pair,
     * without creating one.
     *
     * <p>NOTE(review): every {@link AcmeServerException} is mapped to
     * {@code null}, not only an "account does not exist" answer. In
     * findOrRegisterAccount a {@code null} result leads to registering a new
     * account, so a transient server-side error takes that path too — confirm
     * this is intended.
     *
     * @param session the session to issue the lookup on.
     * @param keyPair the account key pair identifying the account.
     * @return the existing account, or {@code null} when the server answers
     *         with an {@link AcmeServerException}.
     * @throws AcmeCaException for any other failure (CWPKI2016E), with the
     *         original exception as cause.
     */
    @FFDCIgnore({AcmeServerException.class})
    private Account getExistingAccount(Session session, KeyPair keyPair) throws AcmeCaException {
        try {
            // Builder construction stays inside the try so that failures in it
            // are wrapped exactly like failures of the lookup itself.
            AccountBuilder lookup = new AccountBuilder();
            lookup.useKeyPair(keyPair);
            lookup.onlyExisting();
            return lookup.create(session);
        } catch (AcmeServerException serverSaidNo) {
            return null;
        } catch (Exception unexpected) {
            FFDCFilter.processException(unexpected, "com.ibm.ws.security.acme.internal.AcmeClient", "569", this, new Object[]{session, keyPair});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unexpected", new Object[]{unexpected});
            }
            String text = Tr.formatMessage(tc, "CWPKI2016E", new Object[]{this.acmeConfig.getDirectoryURI(), getRootCauseMessage(unexpected)});
            throw new AcmeCaException(text, unexpected);
        }
    }

    /**
     * Returns the ACME account for the key pair, registering a new one when
     * the lookup finds none.
     *
     * <p>Registration agrees to the CA's terms of service on the operator's
     * behalf; when the CA publishes a terms-of-service URI it is written to
     * the audit log (CWPKI2006I) before the account is created. Configured
     * account contacts, if any, are attached to the new account.
     *
     * @param session the session to use for lookup and registration.
     * @param keyPair the account key pair.
     * @param z when false, the account location is audited (CWPKI2019I) before
     *        returning; when true that audit message is skipped.
     * @return the existing or newly registered account.
     * @throws AcmeCaException when the lookup fails, the CA metadata cannot be
     *         read (CWPKI2017E) or account creation fails (CWPKI2018E).
     */
    @FFDCIgnore({AcmeException.class})
    private Account findOrRegisterAccount(Session session, KeyPair keyPair, boolean z) throws AcmeCaException {
        Account account = getExistingAccount(session, keyPair);
        if (account == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "An existing account was not found, requesting terms of service.", new Object[0]);
            }
            try {
                URI tosUri = session.getMetadata().getTermsOfService();
                if (tosUri == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "No terms of service provided", new Object[0]);
                    }
                } else {
                    Tr.audit(tc, "CWPKI2006I", new Object[]{this.acmeConfig.getDirectoryURI(), tosUri});
                }
                AccountBuilder registration = new AccountBuilder().agreeToTermsOfService().useKeyPair(keyPair);
                if (this.acmeConfig.getAccountContacts() != null && !this.acmeConfig.getAccountContacts().isEmpty()) {
                    for (String contact : this.acmeConfig.getAccountContacts()) {
                        registration.addContact(contact);
                    }
                }
                try {
                    account = registration.create(session);
                } catch (AcmeException createFailure) {
                    throw handleAcmeException(createFailure, Tr.formatMessage(tc, "CWPKI2018E", new Object[]{this.acmeConfig.getDirectoryURI(), getRootCauseMessage(createFailure)}));
                }
            } catch (AcmeException metadataFailure) {
                throw handleAcmeException(metadataFailure, Tr.formatMessage(tc, "CWPKI2017E", new Object[]{this.acmeConfig.getDirectoryURI(), metadataFailure.getMessage()}));
            }
        }
        if (!z) {
            Tr.audit(tc, "CWPKI2019I", new Object[]{this.acmeConfig.getDirectoryURI(), account.getLocation()});
        }
        return account;
    }

    /**
     * Looks up the HTTP-01 key authorization registered for a challenge token.
     *
     * <p>Only tokens of challenges currently being processed by authorize are
     * present; the entry is removed when that method finishes.
     *
     * @param str the challenge token.
     * @return the authorization string for the token, or {@code null} when no
     *         mapping exists.
     */
    public String getHttp01Authorization(String str) {
        final String authorization = this.httpTokenToAuthzMap.get(str);
        return authorization;
    }

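    /**
     * Reads the account key pair from the configured account key file while
     * holding the shared read lock.
     *
     * <p>The lock is released in a single finally block and the reader is
     * managed by try-with-resources, so a failure while closing the reader no
     * longer replaces the exception that caused the read to fail.
     *
     * @return the key pair, or {@code null} when no account key file is
     *         configured or the file does not exist.
     * @throws AcmeCaException when the file cannot be opened or parsed
     *         (CWPKI2021E), with the I/O exception as cause.
     */
    @FFDCIgnore({IOException.class})
    private KeyPair loadAccountKeyPair() throws AcmeCaException {
        accountKeyPairFileRWLock.readLock().lock();
        try {
            String path = this.acmeConfig.getAccountKeyFile();
            if (path == null) {
                return null;
            }
            File file = new File(path);
            if (!file.exists()) {
                return null;
            }
            try (FileReader reader = new FileReader(file)) {
                return KeyPairUtils.readKeyPair(reader);
            } catch (IOException e) {
                // Only the exception message is placed in the formatted text;
                // key material is never part of it.
                throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2021E", new Object[]{file, e.getMessage()}), e);
            }
        } finally {
            accountKeyPairFileRWLock.readLock().unlock();
        }
    }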

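    /**
     * Reads the domain key pair from the configured domain key file.
     *
     * <p>The reader is managed by try-with-resources, so a failure while
     * closing it no longer replaces the exception that caused the read to
     * fail. Unlike the account key file, no lock is taken around this file.
     *
     * @return the key pair, or {@code null} when no domain key file is
     *         configured or the file does not exist.
     * @throws AcmeCaException when the file cannot be opened or parsed
     *         (CWPKI2020E), with the I/O exception as cause.
     */
    @FFDCIgnore({IOException.class})
    private KeyPair loadDomainKeyPair() throws AcmeCaException {
        String path = this.acmeConfig.getDomainKeyFile();
        if (path == null) {
            return null;
        }
        File file = new File(path);
        if (!file.exists()) {
            return null;
        }
        try (FileReader reader = new FileReader(file)) {
            return KeyPairUtils.readKeyPair(reader);
        } catch (IOException e) {
            throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2020E", new Object[]{file, e.getMessage()}), e);
        }
    }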

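    /**
     * Returns the account key pair, generating and persisting a new 2048-bit
     * pair when none is stored or when a fresh one is forced.
     *
     * <p>Generation and the file write happen under the shared write lock,
     * which is released in a single finally block. The writer is managed by
     * try-with-resources so a close failure does not mask the write failure.
     *
     * <p>NOTE(review): the private key is written with a plain
     * {@link FileWriter} and no permissions are set in this method, so the
     * file's access mode is whatever the process defaults give it. Confirm the
     * key directory is restricted to the server's account, or restrict the
     * file explicitly before writing.
     *
     * <p>NOTE(review): the stored key is looked up under the read lock and the
     * write lock is taken afterwards without re-checking the file, so two
     * callers that both find no key can each generate one and the later write
     * replaces the earlier — confirm callers are serialized.
     *
     * @param z when true, skip loading and always generate a new key pair
     *        (overwriting the stored file, if one is configured).
     * @return the loaded or newly generated key pair; the new pair is returned
     *         without being persisted when no account key file is configured.
     * @throws AcmeCaException when loading fails or the new key cannot be
     *         written (CWPKI2023E).
     */
    @FFDCIgnore({IOException.class})
    private KeyPair getAccountKeyPair(boolean z) throws AcmeCaException {
        KeyPair keyPair = z ? null : loadAccountKeyPair();
        if (keyPair != null) {
            return keyPair;
        }
        accountKeyPairFileRWLock.writeLock().lock();
        try {
            keyPair = KeyPairUtils.createKeyPair(2048);
            String path = this.acmeConfig.getAccountKeyFile();
            if (path != null) {
                File file = new File(path);
                File parent = file.getParentFile();
                if (parent != null) {
                    // Result intentionally not checked: if the directory could
                    // not be created, opening the writer below fails and is
                    // reported as CWPKI2023E.
                    parent.mkdirs();
                }
                try (FileWriter writer = new FileWriter(file)) {
                    KeyPairUtils.writeKeyPair(keyPair, writer);
                } catch (IOException e) {
                    throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2023E", new Object[]{this.acmeConfig.getDirectoryURI(), file, e.getMessage()}), e);
                }
            }
            return keyPair;
        } finally {
            accountKeyPairFileRWLock.writeLock().unlock();
        }
    }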

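    /**
     * Returns the domain key pair, generating and persisting a new 2048-bit
     * pair when none is stored.
     *
     * <p>The writer is managed by try-with-resources so a close failure does
     * not mask the write failure. No lock is taken around the domain key file.
     *
     * <p>NOTE(review): the private key is written with a plain
     * {@link FileWriter} and no permissions are set in this method, so the
     * file's access mode is whatever the process defaults give it. Confirm the
     * key directory is restricted to the server's account, or restrict the
     * file explicitly before writing.
     *
     * @return the loaded or newly generated key pair; the new pair is returned
     *         without being persisted when no domain key file is configured.
     * @throws AcmeCaException when loading fails or the new key cannot be
     *         written (CWPKI2022E).
     */
    @FFDCIgnore({IOException.class})
    private KeyPair getDomainKeyPair() throws AcmeCaException {
        KeyPair stored = loadDomainKeyPair();
        if (stored != null) {
            return stored;
        }
        KeyPair generated = KeyPairUtils.createKeyPair(2048);
        String path = this.acmeConfig.getDomainKeyFile();
        if (path != null) {
            File file = new File(path);
            File parent = file.getParentFile();
            if (parent != null) {
                // Result intentionally not checked: if the directory could not
                // be created, opening the writer below fails and is reported
                // as CWPKI2022E.
                parent.mkdirs();
            }
            try (FileWriter writer = new FileWriter(file)) {
                KeyPairUtils.writeKeyPair(generated, writer);
            } catch (IOException e) {
                throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2022E", new Object[]{this.acmeConfig.getDirectoryURI(), file, e.getMessage()}), e);
            }
        }
        return generated;
    }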

    /**
     * Selects the HTTP-01 challenge of an authorization and publishes its
     * token-to-authorization mapping so the challenge request can be answered.
     *
     * <p>The token and authorization string are also written to the debug
     * trace.
     *
     * @param authorization the authorization to pick the challenge from.
     * @return the HTTP-01 challenge.
     * @throws AcmeCaException when the authorization offers no HTTP-01
     *         challenge (CWPKI2005E).
     */
    private Challenge prepareHttpChallenge(Authorization authorization) throws AcmeCaException {
        final Http01Challenge challenge = (Http01Challenge) authorization.findChallenge(Http01Challenge.TYPE);
        if (challenge != null) {
            final String token = challenge.getToken();
            final String keyAuthorization = challenge.getAuthorization();
            this.httpTokenToAuthzMap.put(token, keyAuthorization);
            Tr.debug(tc, "Prepared the HTTP-01 challenge with token '" + token + "' and authorization '" + keyAuthorization + "'.", new Object[0]);
            return challenge;
        }
        throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2005E", new Object[]{this.acmeConfig.getDirectoryURI(), Http01Challenge.TYPE}));
    }

    /**
     * Revokes a certificate at the configured ACME directory.
     *
     * <p>Delegates to the three-argument overload with the directory URI taken
     * from the configuration.
     *
     * @param x509Certificate the certificate to revoke.
     * @param str the revocation reason name, or {@code null}.
     * @throws AcmeCaException when revocation fails.
     */
    public void revoke(X509Certificate x509Certificate, String str) throws AcmeCaException {
        final String configuredDirectoryUri = this.acmeConfig.getDirectoryURI();
        revoke(x509Certificate, str, configuredDirectoryUri);
    }

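    /**
     * Revokes a certificate at the given ACME directory using the stored
     * account key pair.
     *
     * <p>The reason name is upper-cased with {@code Locale.ROOT} before it is
     * matched against {@link RevocationReason}. The default-locale form used
     * previously makes valid names fail under locales with special casing
     * rules (for example the Turkish dotted/dotless i).
     *
     * <p>NOTE(review): the stored account key is used to authenticate against
     * whatever directory URI is passed in; callers should supply only
     * directory URIs that come from trusted configuration.
     *
     * @param x509Certificate the certificate to revoke; when {@code null} the
     *        method returns without doing anything.
     * @param str the revocation reason name (case-insensitive), or
     *        {@code null} for {@link RevocationReason#UNSPECIFIED}.
     * @param str2 the ACME directory URI to revoke at.
     * @throws AcmeCaException when no account key pair is stored (CWPKI2025W),
     *         no existing account is found (CWPKI2026W), the reason name is
     *         not recognised (CWPKI2046E), or the CA rejects the request
     *         (CWPKI2024E).
     */
    @FFDCIgnore({AcmeException.class, IllegalArgumentException.class})
    public void revoke(X509Certificate x509Certificate, String str, String str2) throws AcmeCaException {
        if (x509Certificate == null) {
            return;
        }
        KeyPair accountKey = loadAccountKeyPair();
        if (accountKey == null) {
            throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2025W", new Object[]{str2}));
        }
        Session session = getNewSession(str2);
        Account account = getExistingAccount(session, accountKey);
        if (account == null) {
            throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2026W", new Object[]{str2}));
        }
        RevocationReason reason = RevocationReason.UNSPECIFIED;
        if (str != null) {
            try {
                // Locale-independent case mapping; enum names are ASCII.
                reason = RevocationReason.valueOf(str.toUpperCase(java.util.Locale.ROOT));
            } catch (IllegalArgumentException e) {
                throw new IllegalRevocationReasonException(Tr.formatMessage(tc, "CWPKI2046E", new Object[]{e.getMessage()}), e);
            }
        }
        // Serial number in hex, used in both the success and failure messages.
        String serialHex = x509Certificate.getSerialNumber().toString(16);
        try {
            Certificate.revoke(new Login(account.getLocation(), accountKey, session), x509Certificate, reason);
            Tr.info(tc, Tr.formatMessage(tc, "CWPKI2038I", new Object[]{serialHex}), new Object[0]);
        } catch (AcmeException e2) {
            throw handleAcmeException(e2, Tr.formatMessage(tc, "CWPKI2024E", new Object[]{str2, serialHex, e2.getMessage()}));
        }
    }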

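    /**
     * Blocks the calling thread until {@code j} milliseconds have passed or
     * the absolute deadline {@code j2} is reached, whichever comes first.
     *
     * <p>An interrupt does not cut the wait short. It is remembered and the
     * thread's interrupt status is restored once the wait is over. Restoring
     * the status inside the loop, as was done before, makes every following
     * {@code Thread.sleep} throw immediately and turns the rest of the wait
     * into a busy spin.
     *
     * @param j how long to sleep, in milliseconds; a value that places the
     *        wake-up time at or before now returns immediately.
     * @param j2 absolute deadline in epoch milliseconds, or 0 for no deadline.
     */
    @FFDCIgnore({InterruptedException.class})
    private static void sleep(long j, long j2) {
        long start = System.currentTimeMillis();
        long wakeAt = j2 != 0 ? Math.min(start + j, j2) : start + j;
        Tr.debug(tc, "sleep: " + wakeAt, new Object[0]);
        boolean interrupted = false;
        try {
            while (true) {
                long now = System.currentTimeMillis();
                if (now >= wakeAt) {
                    return;
                }
                try {
                    Thread.sleep(wakeAt - now);
                } catch (InterruptedException e) {
                    // Keep waiting for the remaining time; the flag is put
                    // back in the finally block.
                    interrupted = true;
                }
            }
        } finally {
            if (interrupted) {
                Thread.currentThread().interrupt();
            }
        }
    }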

    /**
     * Opens a new ACME session against the configured directory URI.
     *
     * @return the new session.
     * @throws AcmeCaException when the session cannot be created.
     */
    private Session getNewSession() throws AcmeCaException {
        final String configuredDirectoryUri = this.acmeConfig.getDirectoryURI();
        return getNewSession(configuredDirectoryUri);
    }

    /**
     * Opens a new ACME session against the given directory URI inside a
     * privileged action.
     *
     * <p>While the {@link Session} is constructed, the thread context class
     * loader is switched to the class loader of the anonymous action class and
     * is put back afterwards on both the normal and the exceptional path.
     *
     * <p>NOTE(review): the privileged block constructs the session from the
     * caller-supplied URI string; callers should pass only directory URIs from
     * trusted configuration.
     *
     * <p>NOTE(review): the CWPKI2028E message below is formatted with the
     * configured directory URI, not with {@code str}; when the two differ the
     * message names a URI other than the one that failed — confirm intended.
     *
     * <p>This is decompiler output: the static fields inside the anonymous
     * class and the {@code AnonymousClass1} reference are artefacts.
     *
     * @param str the ACME directory URI.
     * @return the new session.
     * @throws AcmeCaException when session creation fails (CWPKI2028E); a
     *         {@link PrivilegedActionException} is unwrapped to its cause first.
     */
    @FFDCIgnore({Exception.class})
    private Session getNewSession(final String str) throws AcmeCaException {
        try {
            return (Session) AccessController.doPrivileged(new PrivilegedExceptionAction<Session>() { // from class: com.ibm.ws.security.acme.internal.AcmeClient.1
                static final long serialVersionUID = 3751076422935335259L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.acme.internal.AcmeClient$1", AnonymousClass1.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Session run() throws Exception {
                    // Saved context class loader; still null if reading it fails,
                    // in which case null is what the catch block sets back.
                    ClassLoader classLoader = null;
                    try {
                        classLoader = Thread.currentThread().getContextClassLoader();
                        Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
                        Session session = new Session(str);
                        Thread.currentThread().setContextClassLoader(classLoader);
                        return session;
                    } catch (Throwable th) {
                        // Restore the caller's context class loader before rethrowing.
                        Thread.currentThread().setContextClassLoader(classLoader);
                        throw th;
                    }
                }
            });
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Getting a new session failed for " + str + ", full stack trace is", new Object[]{e});
            }
            // Report the underlying failure rather than the privileged-action wrapper.
            Exception exception = e instanceof PrivilegedActionException ? ((PrivilegedActionException) e).getException() : e;
            throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2028E", new Object[]{this.acmeConfig.getDirectoryURI(), exception.getMessage()}), exception);
        }
    }

    /**
     * Builds a one-line description of the most relevant exception in a cause
     * chain.
     *
     * <p>The chain is walked from {@code th} down to the last cause. Each
     * throwable with a non-blank message replaces the result with its own
     * "class: message" text, so the deepest such throwable wins. A throwable
     * without a message only contributes when it is an {@link IOException}, in
     * which case the result becomes the top-level text followed by
     * "  Caused by:  " and the IOException's class name.
     *
     * @param th the top-level throwable; may be {@code null}.
     * @return the description, or an empty string when {@code th} is
     *         {@code null}.
     */
    @Trivial
    private static String getRootCauseMessage(Throwable th) {
        final String topLevel = addExceptionClass(th);
        String description = topLevel;
        for (Throwable current = th; current != null; current = current.getCause()) {
            String text = current.getMessage();
            boolean hasText = text != null && !text.trim().isEmpty();
            if (hasText) {
                description = addExceptionClass(current);
                continue;
            }
            if (current instanceof IOException) {
                description = topLevel + "  Caused by:  " + addExceptionClass(current);
            }
        }
        return description;
    }

    /**
     * Formats a throwable as its class name, followed by {@code ": "} and its message
     * when a message is present.
     *
     * @param th the throwable to format; may be {@code null}
     * @return the formatted text, or the empty string when {@code th} is {@code null}
     */
    @Trivial
    private static String addExceptionClass(Throwable th) {
        if (th == null) {
            return "";
        }
        StringBuilder text = new StringBuilder(th.getClass().getName());
        if (th.getMessage() != null) {
            text.append(": ").append(th.getMessage());
        }
        return text.toString();
    }

    /**
     * Replaces the key pair of the existing ACME account, keeping a backup of the
     * current account key file.
     *
     * <p>The write lock of {@code accountKeyPairFileRWLock} is held for the whole
     * operation. The configured account key file is first copied to a sibling file
     * named {@code <yyyyMMddHHmmssSSS>-<original name>}. If {@code Account.changeKey}
     * fails with an {@code AcmeException}, the backup is copied back over the key file
     * and then deleted. On success the backup is left on disk and its path is
     * reported through message CWPKI2048I.
     *
     * <p>NOTE(review): the backup presumably contains the previous account private key
     * and is never removed after a successful change. It is created by
     * {@code copyFile}, so a new file gets the process's default permissions. Confirm
     * that the directory and file modes keep it unreadable to other local users, and
     * that old backups are cleaned up.
     *
     * @throws AcmeCaException if no account is returned, the backup cannot be written,
     *         or the key change fails
     */
    public void renewAccountKeyPair() throws AcmeCaException {
        accountKeyPairFileRWLock.writeLock().lock();
        try {
            Account existingAccount = getAccount(null);
            if (existingAccount == null) {
                throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2026W", new Object[]{this.acmeConfig.getDirectoryURI()}));
            }
            try {
                String timestamp = new SimpleDateFormat("yyyyMMddHHmmssSSS").format(new Date());
                File keyFile = new File(this.acmeConfig.getAccountKeyFile());
                // NOTE(review): getParent() is null for a path without a directory part, which
                // would produce a name starting with "null"; confirm the configured path always has a parent.
                String backupPath = keyFile.getParent() + File.separatorChar + timestamp + "-" + keyFile.getName();
                copyFile(this.acmeConfig.getAccountKeyFile(), backupPath);
                File backupFile = new File(backupPath);
                try {
                    try {
                        // presumably `true` makes getAccountKeyPair create and persist a new key pair; verify in that method
                        existingAccount.changeKey(getAccountKeyPair(true));
                        Tr.info(tc, Tr.formatMessage(tc, "CWPKI2048I", new Object[]{backupFile.getAbsolutePath()}), new Object[0]);
                    } catch (AcmeException changeFailure) {
                        FFDCFilter.processException(changeFailure, "com.ibm.ws.security.acme.internal.AcmeClient", "1235", this, new Object[0]);
                        try {
                            // Roll back: put the previous key file content in place again.
                            copyFile(backupFile.getAbsolutePath(), this.acmeConfig.getAccountKeyFile());
                            deleteFile(backupFile);
                        } catch (IOException restoreFailure) {
                            FFDCFilter.processException(restoreFailure, "com.ibm.ws.security.acme.internal.AcmeClient", "1243", this, new Object[0]);
                            Tr.error(tc, "CWPKI2049E", new Object[]{this.acmeConfig.getAccountKeyFile(), backupFile.getAbsolutePath()});
                        }
                        // NOTE(review): this AcmeCaException is caught by the enclosing handler below, so the
                        // backup delete runs again and the message is wrapped in CWPKI2047E a second time.
                        // This may be a decompilation artifact; confirm against the original source.
                        throw handleAcmeException(changeFailure, Tr.formatMessage(tc, "CWPKI2047E", new Object[]{changeFailure.getMessage()}));
                    }
                } catch (AcmeCaException caFailure) {
                    FFDCFilter.processException(caFailure, "com.ibm.ws.security.acme.internal.AcmeClient", "1222", this, new Object[0]);
                    deleteFile(backupFile);
                    throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2047E", new Object[]{caFailure.getMessage()}), caFailure);
                }
            } catch (IOException backupFailure) {
                FFDCFilter.processException(backupFailure, "com.ibm.ws.security.acme.internal.AcmeClient", "1211", this, new Object[0]);
                throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2050E", new Object[]{backupFailure.getMessage()}), backupFailure);
            }
        } finally {
            // Released exactly once on every path, normal or exceptional.
            accountKeyPairFileRWLock.writeLock().unlock();
        }
    }

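    /**
     * Deletes {@code file} inside a privileged block, on a best-effort basis.
     *
     * <p>{@link File#delete()} signals failure only through its return value. The
     * visible callers use this method to remove the backup copy of the account key
     * file, so a delete that fails while the file still exists is written to debug
     * trace rather than ignored. No exception is raised.
     *
     * @param file the file to remove
     */
    private static void deleteFile(final File file) {
        AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: com.ibm.ws.security.acme.internal.AcmeClient.2
            static final long serialVersionUID = 2166459245181565789L;
            // Field marked synthetic by the decompiler; kept unchanged.
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.acme.internal.AcmeClient$2", AnonymousClass2.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                // delete() also returns false when the file is already gone (callers may delete
                // the same backup twice), so only a file that is still present counts as a failure.
                if (!file.delete() && file.exists() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to delete file " + file.getAbsolutePath(), new Object[0]);
                }
                return null;
            }
        });
    }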

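    /**
     * Copies the content of one file over another inside a privileged block.
     *
     * <p>The destination is opened with {@link FileOutputStream}, so an existing
     * destination is truncated and overwritten in place and a missing one is created.
     * The stream is managed with try-with-resources so that a failure in
     * {@code close()} is attached as a suppressed exception instead of replacing the
     * original copy failure.
     *
     * <p>NOTE(review): both visible callers pass account key file paths. A newly
     * created destination gets the process's default file permissions; confirm that
     * key copies do not end up readable by other local users.
     *
     * @param str path of the source file
     * @param str2 path of the destination file
     * @throws IOException if the destination cannot be opened or the copy fails
     */
    private static void copyFile(final String str, final String str2) throws IOException {
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() { // from class: com.ibm.ws.security.acme.internal.AcmeClient.3
                static final long serialVersionUID = 7600054732771506581L;
                // Field marked synthetic by the decompiler; kept unchanged.
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.acme.internal.AcmeClient$3", AnonymousClass3.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws IOException {
                    try (FileOutputStream destination = new FileOutputStream(new File(str2))) {
                        Files.copy(new File(str).toPath(), destination);
                    }
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.acme.internal.AcmeClient", "1313", (Object) null, new Object[]{str, str2});
            // run() declares only IOException, so that is the only checked exception that can be wrapped here.
            throw ((IOException) e.getException());
        }
    }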

    /**
     * Brings the contact list of the existing ACME account in line with the
     * configured contacts.
     *
     * <p>The account is considered out of date when the two lists differ in size or
     * when a configured contact, parsed with {@link URI#create(String)}, is missing
     * from the account's contacts. In that case the account's contacts are cleared,
     * the configured ones are added and the modification is committed.
     *
     * <p>NOTE(review): a configured contact that is not a valid URI makes
     * {@code URI.create} throw {@link IllegalArgumentException}, which is not
     * translated into an {@code AcmeCaException} here. Confirm that contacts are
     * validated before they reach this method.
     *
     * @throws AcmeCaException if no account is returned or the update fails
     */
    @FFDCIgnore({AcmeException.class})
    public void updateAccount() throws AcmeCaException {
        Account account = getAccount(null);
        if (account == null) {
            throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2026W", new Object[]{this.acmeConfig.getDirectoryURI()}));
        }

        List<String> configuredContacts;
        if (this.acmeConfig.getAccountContacts() == null) {
            configuredContacts = Collections.emptyList();
        } else {
            configuredContacts = this.acmeConfig.getAccountContacts();
        }
        List<URI> registeredContacts;
        if (account.getContacts() == null) {
            registeredContacts = Collections.emptyList();
        } else {
            registeredContacts = account.getContacts();
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Existing account contacts: " + registeredContacts, new Object[0]);
        }

        // Different sizes always mean an update; otherwise look for a configured contact the account lacks.
        boolean updateNeeded = registeredContacts.size() != configuredContacts.size();
        if (!updateNeeded) {
            for (String contact : configuredContacts) {
                if (!registeredContacts.contains(URI.create(contact))) {
                    updateNeeded = true;
                    break;
                }
            }
        }
        if (!updateNeeded) {
            return;
        }

        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Account requires updating.", new Object[0]);
        }
        try {
            Account.EditableAccount editable = account.modify();
            List<URI> pendingContacts = editable.getContacts();
            if (pendingContacts != null) {
                pendingContacts.clear();
            }
            for (String contact : configuredContacts) {
                editable.addContact(URI.create(contact));
            }
            editable.commit();
        } catch (AcmeException e) {
            throw handleAcmeException(e, Tr.formatMessage(tc, "CWPKI2033E", new Object[]{account.getLocation(), this.acmeConfig.getDirectoryURI(), e.getMessage()}));
        }
    }

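    /**
     * Checks the configured renew-before-expiration interval against the length of a
     * certificate's validity period, and lowers the interval when it is not shorter
     * than that period.
     *
     * <p>The validity period is {@code date2 - date} in milliseconds. When it is
     * greater than the configured interval nothing happens. Otherwise the interval
     * is reset, with a warning, to one of:
     * <ul>
     * <li>the configured minimum ({@code getRenewCertMin()}), when the validity
     * period is not longer than that minimum;</li>
     * <li>{@code AcmeConstants.RENEW_DEFAULT_MS}, when the validity period is
     * longer than that default;</li>
     * <li>half of the validity period, but never less than the minimum.</li>
     * </ul>
     *
     * <p>In the last case the warning now reports the interval that was actually
     * applied as its fourth insert, as the {@code RENEW_DEFAULT_MS} branch does.
     * Previously it repeated the old configured value there.
     *
     * @param date start of the validity period (presumably the certificate's notBefore; confirm at the call site)
     * @param date2 end of the validity period (presumably the certificate's notAfter; confirm at the call site)
     * @param str value used as a message insert (presumably the certificate serial number; confirm)
     */
    protected void checkRenewTimeAgainstCertValidityPeriod(Date date, Date date2, String str) {
        long startMs = date.getTime();
        long endMs = date2.getTime();
        long renewCertMin = this.acmeConfig.getRenewCertMin();
        long validityMs = endMs - startMs;
        long configuredRenewMs = this.acmeConfig.getRenewBeforeExpirationMs().longValue();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Validity versus renew check", new Object[]{Long.valueOf(startMs), Long.valueOf(endMs), Long.valueOf(validityMs), Long.valueOf(configuredRenewMs)});
        }
        if (validityMs > configuredRenewMs) {
            // The configured interval already fits inside the validity period.
            return;
        }
        if (validityMs <= renewCertMin) {
            Tr.warning(tc, "CWPKI2056W", new Object[]{str, renewCertMin + "ms", Long.valueOf(validityMs), renewCertMin + "ms"});
            this.acmeConfig.setRenewBeforeExpirationMs(Long.valueOf(renewCertMin), false);
        } else if (validityMs > AcmeConstants.RENEW_DEFAULT_MS.longValue()) {
            Tr.warning(tc, "CWPKI2054W", new Object[]{configuredRenewMs + "ms", str, validityMs + "ms", AcmeConstants.RENEW_DEFAULT_MS + "ms"});
            this.acmeConfig.setRenewBeforeExpirationMs(AcmeConstants.RENEW_DEFAULT_MS, false);
        } else {
            // Renew at the midpoint of the validity period, but not below the allowed minimum.
            long appliedRenewMs = Math.max(Math.round(validityMs * 0.5d), renewCertMin);
            this.acmeConfig.setRenewBeforeExpirationMs(Long.valueOf(appliedRenewMs), false);
            Tr.warning(tc, "CWPKI2054W", new Object[]{configuredRenewMs + "ms", str, Long.valueOf(validityMs), appliedRenewMs + "ms"});
        }
    }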

    /**
     * Converts an {@code AcmeException} into an {@code AcmeCaException} for the caller
     * to throw.
     *
     * <p>The exception and message are written to debug trace when enabled. If the
     * exception is an {@code AcmeUserActionRequiredException}, error CWPKI2063E is
     * also logged with the directory URI and the terms-of-service URI it carries.
     *
     * @param acmeException the exception to wrap; becomes the cause of the result
     * @param str the message for the returned exception
     * @return a new {@code AcmeCaException}; this method does not throw it itself
     */
    @Trivial
    private AcmeCaException handleAcmeException(AcmeException acmeException, String str) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Caught AcmeException", new Object[]{acmeException, str});
        }
        if (acmeException instanceof AcmeUserActionRequiredException) {
            AcmeUserActionRequiredException actionRequired = (AcmeUserActionRequiredException) acmeException;
            Object[] inserts = {this.acmeConfig.getDirectoryURI(), actionRequired.getTermsOfServiceUri()};
            Tr.error(tc, "CWPKI2063E", inserts);
        }
        return new AcmeCaException(str, acmeException);
    }
}
